Legacy systems — mainframes running COBOL, AS/400 systems, decades-old applications — often process the most critical business transactions (banking, insurance, government) but lack modern security controls. An assessment covers: access control (RACF, ACF2, Top Secret configuration), network exposure (are mainframe services accessible from modern networks?), application security in legacy code, encryption of data at rest and in transit, audit logging adequacy, and the security of interfaces between legacy and modern systems.
Legacy System and Mainframe Security: Assessing Systems Too Critical to Replace for Australian Enterprises
Mainframes and legacy systems process critical transactions but may lack modern security controls. Assessment approaches for irreplaceable infrastructure, with guidance for the Australian market.